index d8cf9db2884841195eb6ccaa9b6d28de5fc5acb7..d24ced9d6426c21b331ab2267fa5044ad2233ba5 100755 (executable)
my ($cfg_file, %cfg_defaults, $foreground, $verbose, $pid_file, $procid, $pid, $log_file);
my ($server_ip, $server_port, $server_key, $server_timeout, $server_domain);
-my ($client_ip, $client_port, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
-
-my $server_address;
-my @servers;
-my $client_address;
-my $client_mac_address;
+my ($client_ip, $client_port, $client_mac_address, $ldap_enabled, $ldap_config, $pam_config, $nss_config);
my $xml;
my $default_server_key;
my $event_hash;
+my @servers;
+
+# globalise variables which are used in imported events
+our $cfg_file;
+our $server_address;
+our $client_address;
+our $server_key;
# default variables
our $REGISTERED_FLAG = 1;
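Review bot: `our $cfg_file` and `our $server_key` (L17, L20) re-declare names that the `my (...)` lists on L2 and L3 still declare in the same file scope, so Perl emits `"our" variable $cfg_file masks earlier declaration in same scope` and any code between the two declarations binds to the lexical while everything after L17/L20 binds to the package global. Remove `$cfg_file` from the list on L2 and `$server_key` from the list on L3 so each name has exactly one declaration; the removal of the lexical `$server_address`/`$client_address` (L6, L8) already follows that pattern. A one-line comment above L17 saying which imported event modules read these globals would help the next reader understand why they are not lexical.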
"client" =>
{"client_port" => [\$client_port, "20083"],
"client_ip" => [\$client_ip, "0.0.0.0"],
+ "client_mac_address" => [\$client_mac_address, "00:00:00:00:00:00:00"],
"ldap" => [\$ldap_enabled, 1],
"ldap_config" => [\$ldap_config, "/etc/ldap/ldap.conf"],
"pam_config" => [\$pam_config, "/etc/pam_ldap.conf"],
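Review bot: The new `client_mac_address` default `"00:00:00:00:00:00:00"` on L26 has seven octets, not six, so a client whose config file lacks the key starts with a malformed address. Because `get_mac` treats any non-empty `$client_mac_address` as a configured override, a non-empty default also means the interface lookup is never attempted unless the administrator explicitly sets the key to an empty string; `"client_mac_address" => [\$client_mac_address, ""],` keeps detection as the default behaviour and reserves the key for a deliberate override. Whether `read_configfile` applies the default when the key is absent is outside this hunk.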
# DESCRIPTION:
#===============================================================================
sub read_configfile {
+ my ($cfg_file, %cfg_defaults) = @_ ;
my $cfg;
if( defined( $cfg_file) && ( length($cfg_file) > 0 )) {
if( -r $cfg_file ) {
# DESCRIPTION: Uses ioctl to get mac address directly from system.
#===============================================================================
sub get_mac {
- my $ifreq= shift;
- my $result;
- if ($ifreq && length($ifreq) > 0) {
- if($ifreq eq "all") {
- if(defined($server_ip)) {
- $result = &get_local_mac_for_remote_ip($server_ip);
- } else {
- $result = "00:00:00:00:00:00";
- }
- } else {
- my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list
-
- # A configured MAC Address should always override a guessed value
- if ($client_mac_address and length($client_mac_address) > 0) {
- $result= $client_mac_address;
- }
-
- socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
- or die "socket: $!";
-
- if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
- my ($if, $mac)= unpack 'h36 H12', $ifreq;
-
- if (length($mac) > 0) {
- $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
- $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
- $result = $mac;
- }
- }
- }
- }
- return $result;
+ my $ifreq= shift;
+ my $result;
+ if ($ifreq && length($ifreq) > 0) {
+ if($ifreq eq "all") {
+ if(defined($server_ip)) {
+ $result = &get_local_mac_for_remote_ip($server_ip);
+ }
+ elsif ($client_mac_address && length($client_mac_address) > 0){
+ $result = &client_mac_address;
+ }
+ else {
+ $result = "00:00:00:00:00:00";
+ }
+ } else {
+ my $SIOCGIFHWADDR= 0x8927; # man 2 ioctl_list
+
+ # A configured MAC Address should always override a guessed value
+ if ($client_mac_address and length($client_mac_address) > 0) {
+ $result= $client_mac_address;
+ }
+ else {
+ socket SOCKET, PF_INET, SOCK_DGRAM, getprotobyname('ip')
+ or die "socket: $!";
+
+ if(ioctl SOCKET, $SIOCGIFHWADDR, $ifreq) {
+ my ($if, $mac)= unpack 'h36 H12', $ifreq;
+
+ if (length($mac) > 0) {
+ $mac=~ m/^([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])([0-9a-f][0-9a-f])$/;
+ $mac= sprintf("%s:%s:%s:%s:%s:%s", $1, $2, $3, $4, $5, $6);
+ $result = $mac;
+ }
+ }
+ }
+ }
+ }
+ return $result;
}
}
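Review bot: `$result = &client_mac_address;` on the new `elsif` branch (L80) calls a subroutine named `client_mac_address` instead of reading the variable, so `get_mac("all")` with no `$server_ip` and a configured address dies with an undefined-subroutine error; it should be `$result = $client_mac_address;`. In the same hunk the bareword `SOCKET` opened for the ioctl (L93) is never closed, and the match on L100 is not checked, so a `$mac` that is not exactly twelve hex digits reaches the `sprintf` with empty captures and produces a string of colons; `close SOCKET;` after the `ioctl` block and wrapping L101–L102 in `if ($mac =~ m{...}) { ... }` closes both gaps. Note also that moving the ioctl into the `else` of the configured-override check (L89–L92) makes the lookup unreachable whenever the config default for `client_mac_address` is non-empty, which is the case with the default added in this commit.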
+sub new_ldap_config {
+ my ($msg_hash) = @_ ;
+ my $element;
+ my @ldap_uris;
+ my $ldap_base;
+ my @ldap_options;
+ my @pam_options;
+ my @nss_options;
+ my $goto_admin;
+ my $goto_secret;
+ my $admin_base= "";
+ my $department= "";
+ my $unit_tag;
+
+ # Transform input into array
+ while ( my ($key, $value) = each(%$msg_hash) ) {
+ if ($key =~ /^(source|target|header)$/) {
+ next;
+ }
+
+ foreach $element (@$value) {
+ if ($key =~ /^ldap_uri$/) {
+ push (@ldap_uris, $element);
+ next;
+ }
+ if ($key =~ /^ldap_base$/) {
+ $ldap_base= $element;
+ next;
+ }
+ if ($key =~ /^goto_admin$/) {
+ $goto_admin= $element;
+ next;
+ }
+ if ($key =~ /^goto_secret$/) {
+ $goto_secret= $element;
+ next;
+ }
+ if ($key =~ /^ldap_cfg$/) {
+ push (@ldap_options, "$element");
+ next;
+ }
+ if ($key =~ /^pam_cfg$/) {
+ push (@pam_options, "$element");
+ next;
+ }
+ if ($key =~ /^nss_cfg$/) {
+ push (@nss_options, "$element");
+ next;
+ }
+ if ($key =~ /^admin_base$/) {
+ $admin_base= $element;
+ next;
+ }
+ if ($key =~ /^department$/) {
+ $department= $element;
+ next;
+ }
+ if ($key =~ /^unit_tag$/) {
+ $unit_tag= $element;
+ next;
+ }
+ }
+ }
+
+ # Unit tagging enabled?
+ if (defined $unit_tag){
+ push (@pam_options, "pam_filter gosaUnitTag=$unit_tag");
+ push (@nss_options, "nss_base_passwd $admin_base?sub?gosaUnitTag=$unit_tag");
+ push (@nss_options, "nss_base_group $admin_base?sub?gosaUnitTag=$unit_tag");
+ }
+
+ # Setup ldap.conf
+ my $file1;
+ my $file2;
+ open(file1, "> $ldap_config");
+ print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
+ print file1 "URI";
+ foreach $element (@ldap_uris) {
+ print file1 " $element";
+ }
+ print file1 "\nBASE $ldap_base\n";
+ foreach $element (@ldap_options) {
+ print file1 "$element\n";
+ }
+ close (file1);
+ daemon_log("wrote $ldap_config", 5);
+
+ # Setup pam_ldap.conf / libnss_ldap.conf
+ open(file1, "> $pam_config");
+ open(file2, "> $nss_config");
+ print file1 "# This file was automatically generated by gosa-si-client. Do not change.\n";
+ print file2 "# This file was automatically generated by gosa-si-client. Do not change.\n";
+ print file1 "uri";
+ print file2 "uri";
+ foreach $element (@ldap_uris) {
+ print file1 " $element";
+ print file2 " $element";
+ }
+ print file1 "\nbase $ldap_base\n";
+ print file2 "\nbase $ldap_base\n";
+ foreach $element (@pam_options) {
+ print file1 "$element\n";
+ }
+ foreach $element (@nss_options) {
+ print file2 "$element\n";
+ }
+ close (file2);
+ daemon_log("wrote $nss_config", 5);
+ close (file1);
+ daemon_log("wrote $pam_config", 5);
+
+ # Create goto.secrets if told so - for compatibility reasons
+ if (defined $goto_admin){
+ open(file1, "> /etc/goto/secret");
+ close(file1);
+ chown(0,0, "/etc/goto/secret");
+ chmod(0600, "/etc/goto/secret");
+ open(file1, "> /etc/goto/secret");
+ print file1 "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\"$goto_secret\"\n";
+ close(file1);
+ daemon_log("wrote /etc/goto/secret", 5);
+ }
+
+
+
+ # Write shell based config
+ my $cfg_name= dirname($ldap_config)."/ldap-shell.conf";
+ open(file1, "> $cfg_name");
+ print file1 "LDAP_BASE=\"$ldap_base\"\n";
+ print file1 "ADMIN_BASE=\"$admin_base\"\n";
+ print file1 "DEPARTMENT=\"$department\"\n";
+ print file1 "UNIT_TAG=\"".(defined $unit_tag ? "$unit_tag" : "")."\"\n";
+ print file1 "UNIT_TAG_FILTER=\"".(defined $unit_tag ? "(gosaUnitTag=$unit_tag)" : "")."\"\n";
+ close(file1);
+ daemon_log("wrote $cfg_name", 5);
+
+ return;
+
+}
+
+
sub create_passwd {
my $new_passwd = "";
for(my $i=0; $i<31; $i++) {
}
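Review bot: `new_ldap_config` writes the message-supplied values (`$ldap_base`, `@ldap_uris`, the `ldap_cfg`/`pam_cfg`/`nss_cfg` elements, `$unit_tag`, `$admin_base`, `$department`) verbatim into `ldap.conf`, `pam_ldap.conf`, the nss config and the shell-sourced `ldap-shell.conf` (L185–L245) without rejecting embedded newlines or, for the shell file, `"`, `$` and backticks, so a single value can change the meaning of the generated file for whatever parses or sources it. Every `open(file1, "> $ldap_config")` in the sub uses a bareword handle, two-argument open and no error check, so a failed open silently leaves the previous file in place while the log still reports `wrote ...`. `/etc/goto/secret` (L224–L230) is created under the process umask and only then `chmod`ed, leaving a window in which the secret is readable under a permissive umask, and `$goto_secret` is interpolated without a `defined` check when only `goto_admin` was sent. The rewrite below adds an allow-list check on the values, checked three-argument opens, and creates the secret file with mode 0600 from the start (the `sysopen` flags need `use Fcntl qw(O_WRONLY O_CREAT O_TRUNC);` if the file does not already import them); the pam/nss block should use the same open/close pattern.
```perl
sub new_ldap_config {
    my ($msg_hash) = @_ ;
    # … unchanged: local declarations and the key/value transform loop …

    # Reject values that could smuggle extra directives or shell syntax into the
    # generated files; the rest of the sub interpolates them verbatim.
    for my $value (@ldap_uris, @ldap_options, @pam_options, @nss_options) {
        if ($value =~ m{[\r\n]}) {
            daemon_log("new_ldap_config: rejecting value with embedded newline", 1);
            return;
        }
    }
    for my $value ($ldap_base, $admin_base, $department, $unit_tag) {
        next unless defined $value;
        if ($value =~ m{[\r\n"\$`]}) {
            daemon_log("new_ldap_config: rejecting value with shell metacharacters", 1);
            return;
        }
    }

    # Setup ldap.conf
    open my $ldap_fh, '>', $ldap_config
        or do { daemon_log("cannot write $ldap_config: $!", 1); return };
    print {$ldap_fh} "# This file was automatically generated by gosa-si-client. Do not change.\n";
    print {$ldap_fh} "URI", (map { " $_" } @ldap_uris), "\nBASE $ldap_base\n";
    print {$ldap_fh} "$_\n" for @ldap_options;
    close $ldap_fh or daemon_log("error closing $ldap_config: $!", 1);
    daemon_log("wrote $ldap_config", 5);

    # … unchanged in content: pam_ldap.conf / libnss_ldap.conf, written with the same checked open/close …

    # Create goto.secrets if told so - for compatibility reasons
    if (defined $goto_admin) {
        my $secret_file = "/etc/goto/secret";
        # Create with 0600 from the start instead of chmod after the fact.
        sysopen my $secret_fh, $secret_file, O_WRONLY | O_CREAT | O_TRUNC, 0600
            or do { daemon_log("cannot write $secret_file: $!", 1); return };
        chown 0, 0, $secret_file;
        chmod 0600, $secret_file;   # tighten a pre-existing file with wider permissions
        print {$secret_fh} "GOTOADMIN=\"$goto_admin\"\nGOTOSECRET=\""
            . (defined $goto_secret ? $goto_secret : "") . "\"\n";
        close $secret_fh or daemon_log("error closing $secret_file: $!", 1);
        daemon_log("wrote $secret_file", 5);
    }

    # … unchanged: ldap-shell.conf, written with the same checked open/close …
```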
+sub send_msg_to_target {
+ my ($msg, $address, $encrypt_key, $msg_header) = @_ ;
+ my $error = 0;
+
+ if( $msg_header ) {
+ $msg_header = "'$msg_header'-";
+ }
+ else {
+ $msg_header = "";
+ }
+
+ # encrypt xml msg
+ my $crypted_msg = &encrypt_msg($msg, $encrypt_key);
+
+ # opensocket
+ my $socket = &open_socket($address);
+ if( !$socket ) {
+ daemon_log("cannot send ".$msg_header."msg to $address , host not reachable", 1);
+ $error++;
+ }
+
+ if( $error == 0 ) {
+ # send xml msg
+ print $socket $crypted_msg."\n";
+
+ daemon_log("send ".$msg_header."msg to $address", 1);
+ daemon_log("message:\n$msg", 8);
+
+ }
+
+ # close socket in any case
+ if( $socket ) {
+ close $socket;
+ }
+
+ return;
+}
+
+
sub open_socket {
my ($PeerAddr, $PeerPort) = @_ ;
if(defined($PeerPort)){
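Review bot: `print $socket $crypted_msg."\n"` and `close $socket` (L279, L288) are unchecked, so a peer that accepts the connection and then drops it is still logged as `send ... msg to $address` although nothing was delivered; `print {$socket} $crypted_msg . "\n" or daemon_log("write to $address failed: $!", 1);` and `close $socket or daemon_log("close $address failed: $!", 1);` keep the log accurate, since buffered write errors surface at close. `$error` is incremented on L274 but the sub ends with a bare `return;`, so callers cannot distinguish success from an unreachable host; `return $error == 0;` would let them react. `daemon_log("message:\n$msg", 8)` writes the plaintext of every outgoing message at level 8; if any answer carries credentials this log level exposes them, which deserves a comment such as `# level 8 logs plaintext payloads, including any secrets they carry`.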
$error++;
}
+ ######################
+ # process incoming msg
if( $error == 0 ) {
my $header = @{$msg_hash->{header}}[0];
my $source = @{$msg_hash->{source}}[0];
daemon_log("found event '$header' at event-module '".$event_hash->{$header}."'", 5);
no strict 'refs';
$answer = &{$event_hash->{$header}."::$header"}($msg, $msg_hash);
- if( $header eq "registered") {
- $REGISTERED_FLAG = $answer;
- }
- }
+ }
+# else {
+# # maybe header is a core function
+# daemon_log("WARNING: no event assigned to msg $header", 5);
+# if ($header eq 'new_ldap_config') { if ($ldap_enabled == 1) {&new_ldap_config($msg_hash)}}
+# elsif ($header eq 'ping') { &got_ping($msg_hash) }
+# elsif ($header eq 'wake_up') { &execute_event($msg_hash)}
+# elsif ($header eq 'new_passwd') { &new_passwd()}
+# elsif ($header eq 'compute_hardware') { &compute_hardware() }
+# else { daemon_log("ERROR: no core function assigned to msg $header", 5) }
+# }
+ }
+
+ ########
+ # answer
+ if( $answer ) {
+ if( $answer =~ "<header>registered</header>") {
+ $REGISTERED_FLAG = 0;
+ }
else {
- # maybe header is a core function
- daemon_log("WARNING: no event assigned to msg $header", 5);
- if ($header eq 'new_ldap_config') { if ($ldap_enabled == 1) {&new_ldap_config($msg_hash)}}
- elsif ($header eq 'ping') { &got_ping($msg_hash) }
- elsif ($header eq 'wake_up') { &execute_event($msg_hash)}
- elsif ($header eq 'new_passwd') { &new_passwd()}
- elsif ($header eq 'compute_hardware') { &compute_hardware() }
- else { daemon_log("ERROR: no core function assigned to msg $header", 5) }
+ &send_msg_to_address($answer, $server_address, $server_key);
}
}
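Review bot: The answer branch calls `&send_msg_to_address($answer, $server_address, $server_key)` (L340) while the routine this commit adds is named `send_msg_to_target`; unless `send_msg_to_address` exists elsewhere in the file, the first event that returns an answer dies with an undefined-subroutine error. `if( $answer =~ "<header>registered</header>")` (L328) uses a string where a pattern is expected, which happens to work but hides the intent; `if (index($answer, "<header>registered</header>") >= 0)` or `m{<header>registered</header>}` says what is meant. The meaning of `$REGISTERED_FLAG` also changed from `= $answer` to `= 0` without explanation, so a one-line comment stating that an outgoing registration answer clears the flag until the server confirms would help. The commented-out core-function dispatch (L313–L322) should be deleted rather than kept as dead text; the enclosing function starts before this hunk.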
# read and set config parameters
&check_cmdline_param ;
-&read_configfile;
+&read_configfile($cfg_file, %cfg_defaults);
&check_pid;
# detect own ip and mac address
my $network_interface= &get_interface_for_ip($client_ip);
+daemon_log("Mac address at this point: $client_mac_address", 1);
+daemon_log("Interface at this point: $network_interface", 1);
$client_mac_address= &get_mac($network_interface);
daemon_log("gosa-si-client ip address detected: $client_ip", 1);
daemon_log("gosa-si-client mac address detected: $client_mac_address", 1);
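Review bot: The two `... at this point: ...` log lines (L350–L351) read like leftover debugging: they log at level 1, which this file uses for errors such as `cannot send ... host not reachable`, before `$client_mac_address` has been detected, and `$network_interface` may be undef when `get_interface_for_ip` finds no interface, producing an uninitialized-value warning in the log. Either remove them or demote them to the verbose level used for the `wrote ...` messages, e.g. `daemon_log("Interface for $client_ip: " . (defined $network_interface ? $network_interface : "none"), 5);`. `&read_configfile($cfg_file, %cfg_defaults)` works because the sub unpacks `my ($cfg_file, %cfg_defaults) = @_`, but `read_configfile($cfg_file, \%cfg_defaults)` would avoid flattening and copying the hash and drop the `&` call form.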